Re: [Clamav-users] eicar Identified But Not Moved

Wed, 17 Oct 2007 05:58:05 -0700 

The following is what appears in the trace that I belive is relevant (it is all 
that appears relevant to eicar)

lstat64("/home/justlgn/test/eicar.com", {st_mode=S_IFREG|0644, st_size=69, 
...}) = 0
stat64("/home/justlgn/test/eicar.com", {st_mode=S_IFREG|0644, st_size=69, ...}) 
= 0
stat64("/home/justlgn/test/eicar.com", {st_mode=S_IFREG|0644, st_size=69, ...}) 
= 0
geteuid32()                             = 0
open("/home/justlgn/test/eicar.com", O_RDONLY) = -1 EPERM (Operation not 
permitted)
write(3, "WARNING: Can\'t open file /home/j"..., 54) = 54
write(2, "WARNING: Can\'t open file /home/j"..., 54) = 54

I'm trying to find what I can on the -1 EPERM (Operation not permitted), but so 
far nothing.

If anyone has any insight, that would be much appreciated.

Thank you.

Sean


----- Original Message ----
From: Török Edvin <[EMAIL PROTECTED]>
To: ClamAV users ML <[email protected]>
Sent: Tuesday, October 16, 2007 3:18:43 PM
Subject: Re: [Clamav-users] eicar Identified But Not Moved

On 10/16/07, Sean McGlynn <[EMAIL PROTECTED]> wrote:
> Just to be certain (It's not my first day with Linux, but I'm still 
> relatively new to it), you mean NFS as in Network File System, as in mounting 
> a remote file system on the Linux server, correct?  If correct, then no, NFS 
> is not involved.  Both the directory being scanned and the destination 
> directory for quarantine files on on the root filesystem, local to the 
> machine.
>

Try this:
$ strace clamscan -r --move=/var/log/clam/infected -l
/var/log/clam/dailyclamscanSPM /home/justlgn/test/eicar.com

Then we'll know exactly what happened. "Can't open file" looks like a
message from the scanner, if the file couldn't be moved, it should
have said that it cannot move the file.

--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Reply via email to